aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-11-05Makefile.m32: add brotli supportViktor Szakats
2017-11-05HTTP: implement Brotli content encodingPatrick Monnerat
This uses the brotli external library (https://github.com/google/brotli). Brotli becomes a feature: additional curl_version_info() bit and structure fields are provided for it and CURLVERSION_NOW bumped. Tests 314 and 315 check Brotli content unencoding with correct and erroneous data. Some tests are updated to accomodate with the now configuration dependent parameters of the Accept-Encoding header.
2017-11-05HTTP: support multiple Content-EncodingsPatrick Monnerat
This is implemented as an output streaming stack of unencoders, the last calling the client write procedure. New test 230 checks this feature. Bug: https://github.com/curl/curl/pull/2002 Reported-By: Daniel Bankhead
2017-11-04url: remove arg value check from CURLOPT_SSH_AUTH_TYPESJay Satiro
Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value check on this option is incorrect; we have to accept any value. Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
2017-11-04ntlm: avoid malloc(0) for zero length passwordsDaniel Stenberg
It triggers an assert() when built with memdebug since malloc(0) may return NULL *or* a valid pointer. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 Assisted-by: Max Dymond Closes #2054
2017-11-03CURLOPT_INFILESIZE: accept -1Daniel Stenberg
Regression since f121575 Reported-by: Petr Voytsik Fixes #2047
2017-11-02url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1Jay Satiro
Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.
2017-11-01http2: Fixed OOM handling in upgrade requestDan Fandrich
This caused the torture tests on test 1800 to fail.
2017-11-01CURLOPT_MAXREDIRS: allow -1 as a valueDaniel Stenberg
... which is valid according to documentation. Regression since f121575c0b5f. Verified now in test 501. Reported-by: cbartl on github Fixes #2038 Closes #2039
2017-11-01include: remove conncache.h inclusion from where its not neededDaniel Stenberg
2017-11-01url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1Jay Satiro
.. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html Reported-by: Andrew Lambert
2017-10-31cookie: avoid NULL dereferenceDaniel Stenberg
... when expiring old cookies. Reported-by: Pavel Gushchin Fixes #2032 Closes #2035
2017-10-30memdebug: use send/recv signature for curl_dosend/curl_dorecvMarcel Raad
This avoids build errors and warnings caused by implicit casts. Closes https://github.com/curl/curl/pull/2031
2017-10-30curlx: the timeval functions are no longer provided as curlx_*Daniel Stenberg
Pointed-out-by: Dmitri Tikhonov Bug: #2034
2017-10-30select: update commentsDaniel Stenberg
s/curlx_tvnow/Curl_now
2017-10-30timeval: use mach time on MacOSDmitri Tikhonov
If clock_gettime() is not supported, use mach_absolute_time() on MacOS. closes #2033
2017-10-29timeleft: made two more users of Curl_timeleft use timediff_tDaniel Stenberg
2017-10-28cmake: Export libcurl and curl targets to use by other cmake projectsJakub Zakrzewski
The config files define curl and libcurl targets as imported targets CURL::curl and CURL::libcurl. For backward compatibility with CMake- provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are also set. Closes #1879
2017-10-28auth: add support for RFC7616 - HTTP Digest access authenticationFlorin
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-28Curl_timeleft: change return type to timediff_tDaniel Stenberg
returning 'time_t' is problematic when that type is unsigned and we return values less than zero to signal "already expired", used in several places in the code. Closes #2021
2017-10-27setopt: fix CURLOPT_SSH_AUTH_TYPES option readDaniel Stenberg
Regression since f121575c0b5f Reported-by: Rob Cotrone
2017-10-27resolvers: only include anything if neededMarcel Raad
This avoids warnings about unused stuff. Closes https://github.com/curl/curl/pull/2023
2017-10-27curl_setup.h: oops, shorten the too long lineDaniel Stenberg
2017-10-27curl_setup: Improve detection of CURL_WINDOWS_APPMartin Storsjo
If WINAPI_FAMILY is defined, it should be safe to try to include winapifamily.h to check what the define evaluates to. This should fix detection of CURL_WINDOWS_APP if building with _WIN32_WINNT set to 0x0600. Closes #2025
2017-10-26transfer: Fix chunked-encoding upload bugJay Satiro
- When uploading via chunked-encoding don't compare file size to bytes sent to determine whether the upload has finished. Chunked-encoding adds its own overhead which why the bytes sent is not equal to the file size. Prior to this change if a file was uploaded in chunked-encoding and its size was known it was possible that the upload could end prematurely without sending the final few chunks. That would result in a server hang waiting for the remaining data, likely followed by a disconnect. The scope of this bug is limited to some arbitrary file sizes which have not been determined. One size that triggers the bug is 475020. Bug: https://github.com/curl/curl/issues/2001 Reported-by: moohoorama@users.noreply.github.com Closes https://github.com/curl/curl/pull/2010
2017-10-26timeval: make timediff_t also work on 32bit windowsDaniel Stenberg
... by using curl_off_t for the typedef if time_t is larger than 4 bytes. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co mmitcomment-25205058 Closes #2019
2017-10-26curl_fnmatch: return error on illegal wildcard patternDaniel Stenberg
... instead of doing an infinite loop! Added test 1162 to verify. Reported-by: Max Dymond Fixes #2015 Closes #2017
2017-10-26wildcards: don't use with non-supported protocolsMax Dymond
Fixes timeouts in the fuzzing tests for non-FTP protocols. Closes #2016
2017-10-25multi: allow table handle sizes to be overriddenMax Dymond
Allow users to specify their own hash define for CURL_CONNECTION_HASH_SIZE so that both values can be overridden. Closes #1982
2017-10-25time: rename Curl_tvnow to Curl_nowDaniel Stenberg
... since the 'tv' stood for timeval and this function does not return a timeval struct anymore. Also, cleaned up the Curl_timediff*() functions to avoid typecasts and clean up the descriptive comments. Closes #2011
2017-10-25ftplistparser: follow-up cleanup to remove PL_ERROR()Daniel Stenberg
2017-10-25ftplistparser: free off temporary memory alwaysMax Dymond
When using the FTP list parser, ensure that the memory that's allocated is always freed. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 Closes #2013
2017-10-25timediff: return timediff_t from the time diff functionsDaniel Stenberg
... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004 Closes #2005
2017-10-22mk-ca-bundle: Remove URL for auroraJon DeVree
Aurora is no longer used by Mozilla https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
2017-10-22mk-ca-bundle: Fix URL for NSSJon DeVree
The 'tip' is the most recent branch committed to, this should be 'default' like the URLs for the browser are. Closes #1998
2017-10-22imap: if a FETCH response has no size, don't call write callbackDaniel Stenberg
CVE-2017-1000257 Reported-by: Brian Carpenter and 0xd34db347 Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
2017-10-20ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg
... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
2017-10-20mime: do not reuse previously computed multipart sizePatrick Monnerat
The contents might have changed: size must be recomputed. Reported-by: moteus on github Fixes #1999
2017-10-19vtls: change struct Curl_ssl `close' field name to `close_one'.Patrick Monnerat
On OS/400, `close' is an ASCII system macro that corrupts the code if not used in a context not targetting the close() system API.
2017-10-19os400: add missing symbols in config file.Patrick Monnerat
Also adjust makefile to renamed files and warn about installation dirs mix-up.
2017-10-19mime: limit bas64-encoded lines length to 76 charactersPatrick Monnerat
2017-10-16setopt: range check most long optionsDaniel Stenberg
... filter early instead of risking "funny values" having to be dealt with elsewhere.
2017-10-16setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg
... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938
2017-10-15makefile.m32: allow to override gcc, ar and ranlibViktor Szakats
Allow to ovverride certain build tools, making it possible to use LLVM/Clang to build curl. The default behavior is unchanged. To build with clang (as offered by MSYS2), these settings can be used: CURL_CC=clang CURL_AR=llvm-ar CURL_RANLIB=llvm-ranlib Closes https://github.com/curl/curl/pull/1993
2017-10-15ldap: silence clang warningViktor Szakats
Use memset() to initialize a structure to avoid LLVM/Clang warning: ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] Closes https://github.com/curl/curl/pull/1992
2017-10-14memdebug: trace send, recv and socketDaniel Stenberg
... to allow them to be included in torture tests too. closes #1980
2017-10-13mime: do not call failf() if easy handle is NULL.Patrick Monnerat
2017-10-13mime: fix the content reader to handle >16K data properlyDaniel Stenberg
Reported-by: Jeroen Ooms Closes #1988
2017-10-12mime: keep "text/plain" content type if user-specified.Patrick Monnerat
Include test cases in 554, 587, 650. Fixes https://github.com/curl/curl/issues/1986
2017-10-11url: Update current connection SSL verify params in setoptArtak Galoyan
Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active connection updates the current connection's (i.e.'connectdata' structure) appropriate ssl_config (and ssl_proxy_config) structures variables, making these options effective for ongoing connection. This functionality was available before and was broken by the following change: "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. Bug: https://github.com/curl/curl/issues/1941 Closes https://github.com/curl/curl/pull/1951